The Constitutional Court said two subsections of the South African Citizenship Amendment Act could be read so that those born to a South African parent, in or outside SA, could acquire South African citizenship.

The Constitutional Court on Wednesday ordered the department of home affairs to register the births of four people that it declared were South African citizens, and that they be issued with IDs.

However, the court refused to confirm orders of the high court in Pretoria, which had declared that two subsections of the South African Citizenship Amendment Act of 2010 were constitutionally invalid.

The Constitutional Court reasoned that the 2010 act could be read in a constitutionally compliant manner so that those born to a South African parent, in or outside SA, acquire or retain South African citizenship.

Five people who were born in various countries in Africa from 1969 to 2006 brought an application before the high court in 2016 in which they sought an order that they be declared South African citizens.

The department had failed to recognise their citizenship but did not provide adequate reasons for this denial.

The five each provided evidence before the high court that one of their parents was a South African citizen at the time of their birth. The high court accepted the applicants’ submissions, with the exception of those of one applicant.

Apart from an application to be declared South African citizens, the five also sought an order declaring two sections of the 2010 Amendment Act to be unconstitutional.

The department failed to respond to the application, resulting in the matter being set for hearing in May last year on an unopposed roll.

The court granted four of the five people the relief they sought; that they be declared South African citizens, that the department register their births, enter their details into the population register, assign them South African identity numbers and issue them South African identity documents and/or identity cards as well as birth certificates.

In addition to this, the high court declared the two sections unconstitutional.

According to the constitution, the Constitutional Court must confirm any order of invalidity made by the high court, before that order has any force.

In a unanimous judgment written by justice Sisi Khampepe, the court said the high court provided sparse reasons for its findings of constitutional invalidity.

“This seems to have been a consequence of the (minister of home affairs and the home affairs department's) dereliction of their responsibility during the proceedings in the high court.

“Regardless, it is still incumbent on a court, operating within our constitutional dispensation, which embeds the separation of powers principle, to provide full reasons before declaring legislation to be invalid,” Khampepe said.

Khampepe said this was unfortunate and hoped that failure to provide reasons when legislation was declared invalid did not become a regular practice by lower courts. She said an interpretation of the 2010 act that only operates in favour of those born after its commencement is the one which is at variance with the constitution.

“It is this narrow, prospective-only interpretation that strips citizenship rights from a great number of people in the most unfair and unjustified manner.

“It is that interpretation which would render the operation of the 2010 amendment retrospective by wiping out citizenship that existed under the previous acts without replacing it with another form of citizenship, and by taking away citizenship rights without retaining those previously-acquired rights,” Khampepe said.

Khampepe ordered the department to pay the costs of the four.

A number of tax and financial groups have issued warnings over a new draft bill which will introduce changes for South Africans looking to take their retirement funds out of the country.

Under the current system, members of preservation funds and retirement annuity funds may withdraw from such funds if they formally emigrate from South Africa for exchange control purposes and their emigration is approved by the South African Reserve Bank

However, changes in the draft Taxation Laws Amendment Bill (TLAB) will effectively phase out the concept of emigration for exchange control purposes.

The amendment will mean that South Africans emigrating from the country will only be able to make a withdrawal when a retirement fund member has ceased to be an tax resident and has remained so for a consecutive period of at least three years.

The change has come under fire as the TLAB was the subject of public hearings in parliament on Wednesday (7 October).

Impractical and draconian

“The proposed requirement that an individual be non-resident for a period of three years prior to being entitled to access retirement funds is impractical, draconian and will present administrative difficulties for both SARS and taxpayers,” said professional services firm PwC in its submission.

The firm said that where an individual permanently departs from South Africa, the proposed rules could – depending on the particular circumstances of that individual – result in considerable financial hardship for an extended period of time before retirement funds are available.

“Under the current rules, a person who emigrates is entitled to withdraw their retirement funds immediately. Under the proposed rules, they would now need to wait for at least three years before being able to do so,” the firm said.

“Retirement funds are frequently required by emigrants to make emigration financially viable and the proposed rules will severely impact this.”

As an alternative, PwC recommended that the proposed three-year residence rule should be replaced with another ‘more practical rule’.

“For example, it could be linked to a person ceasing to be ordinarily resident in South Africa – as opposed to necessarily not tax resident,” it said.

The opposite of modern

In its submission,  Tax Consulting SA said that the amendment is at ‘cross purposes’ to its intended goal of a more ‘modern’ exchange control system.

It highlighted that under the new system , retirement benefits will effectively be locked in and will be inaccessible to the individual in question for a minimum period of three years, even after they have left South Africa permanently.

This restriction will only be lifted once the taxpayer in question is able to prove they have been non-resident for an uninterrupted period of at least three years.

“By any measure, this new test is the opposite of modernisation and a step back towards locking in retirement funds after becoming non-resident for tax and exchange control purposes,” it said.

“Furthermore, if the test is to be based on residency, it is not clear why withdrawal is subject to a period of three full years. If the taxpayer has ceased residency, why impose a punitive lock-in of this extent?,” the firm asked.

Tax Consulting SA that the proposed amendment will do away with a well-established process that allows emigrants to freely expatriate their retirement benefits with one that is far more restrictive and less transparent.

www.samigration.com

Italian teenager Sara Passarini has lived in Australia for half of her life, but it could be 2062 before she finds out if she will be accepted as a permanent resident here.

By that time, Ms Passarini, 18, will be in her 60s. Her mother, Helen Johnson, who is also waiting on the outcome of the pair's visa application, will be more than 100 years old.

When Ms Johnson applied for a remaining relative visa for her and her daughter in 2012, the processing time was about 10 years.

Since then, the waiting time has ballooned out to five times as long.

The Department of Home Affairs has confirmed to nine.com.au the current processing time for remaining relative visas is about 50 years.

Fleeing a volatile and dangerous family situation, Ms Passarini and her mother moved from Milan to Perth when she was nine-years-old.

"It happened very suddenly. My mum told me we were going about an hour before we left for the airport and I had to leave everything I had known behind," Ms Passarini told nine.com.au.

The pair joined Ms Johnson's mother and three siblings, as well as seven nieces and nephews.

Once in Australia, Ms Johnson enrolled to study and swapped from a visitor to a student visa, with the intention of qualifying for a permanent skilled visa once her studies were complete.

However, Ms Johnson's deteriorating mental health meant she had to stop studying.

"This meant my mum had to apply for a different visa, and the only one left we were eligible for was the remaining relative visa," Ms Passarini said.

The pair has lived in Australia on bridging visas ever since.

Ms Passarini finished high school last year and now hopes to go to university, but to do so would cost her about $90,000 in international student fees. (Supplied: Sara Passarini)

Despite not being a permanent resident, Ms Passarini, who finished Year 12 last year at High School, said she adapted to life in Perth quickly and soon came to call Australia home.

"Australia is definitely my home. I speak English now better than I speak Italian," she said.

"I've done the majority of my schooling here. I've got all of my friends here. I don't see myself living anywhere else."

Applicants for the remaining relative visa are eligible for Medicare and can in some cases work, however usually with strict limitations.

The family had endured severe financial hardship over the years because of their visa status, Ms Passarini said.

Ms Passarini is classed as an international student and the family needed to pay high fees for her to attend her public primary school and high school.

"We've had a lot of financial struggles. It was about $63,000 for me to get through school here. My family in Italy helped because I had to finish high school, I had to get that qualification," she said.

Ms Passarini is now working two casual jobs as a delivery driver, but said she desperately hoped to go to university next year.

However, as an international student, the fees for a degree would cost about $90,000.

"I want to go to university and have a career. But I will have to pay triple the amount of university fees as my friends, and I'll have to pay it upfront because I'm not entitled to a HECS loan," she said.

Ms Passarini said she felt trapped by her visa situation.

"I feel like I'm being pushed into a mould that isn't who I am, all because of decisions adults made for me when I was a kid," she said.

"But I don't hold any grudges I just want to be able to study and be free to make a future for myself."

Ms Passarini has started a petition appealing for her to be granted permanent residency. (Supplied: Sara Passarini)

Ms Passarini has started an online petition calling on Home Affairs to grant her permanent residency.

"To have to wait for 50 years is just not fair. They may as well not offer the visa at all, it just gives people false hope. I think something definitely needs to change, not just for me but for others in my situation," she said.

A spokesperson for the Department of Home Affairs declined to comment on Ms Passarini's case, saying: "The Department does not comment on individual cases."

Why is the wait for a remaining relative visa so long?

The remaining relative visa belongs to the "other family visa" category, along with the aged dependent relative visas, which also have a 50-year waiting period.

Under the Department of Home Affairs' migration planning levels for the 2019-2020 financial year, other family visas were capped at 500 places, down from 900 the year before.

The low numbers of visas granted in the category look unlikely to change for the current financial year.

While last weeks's budget announced a large increase in the number of partner visas accommodated in this year's migration planning levels, once they are taken out of the equation, the number of visas in the family stream appear to have decreased.

The Department of Home Affairs declined to answer nine.com.au's questions about how many people are currently waiting for a remaining relative visa application to be processed.

However, a spokesperson for the department said: "The number of applications received each year for Remaining Relative visas outstrip the number of places available for each migration program year."

Sanjay Deshwal has been a migration agent based in Sydney since 1996.

Mr Deshwal said in the past 25 years he had seen the waiting times increase exponentially for remaining relative visas.

"I have a case where we put in a remaining relative visa application in 2012. At that time it was showing eight to 10 years wait before the visa would be granted," he said.

The case involved a Sri Lankan woman whose mother, brother and sister were all Australian citizens, he said.

"She was left in Sri Lanka with one 25-year-old son. Unfortunately, her son died in a car accident last year. She is the only one there and now it is showing up to 50 years wait," Mr Deshwal said.

"So it is very cruel. It's cruel for people to wait for so long."

Mr Deshwal said he had noticed that over the years the number of visas allocated to the other family visa category under the government's planning levels had reduced while some categories, which charged higher application fees, had grown.

For example, the number of places for the contributory parent visa, which comes with a $50,000 application fee, had increased, he said.

"The government seems to be focussed on getting money. On one side, we cannot blame the government because the economic situation is so hard, and a large number of people want to come, but definitely it puts a lot of pressure on people waiting for years and years."

 

www.samigration.com

Researchers warn of a seven-fold rise in ransomware attacks compared with last year alone - and attackers are continually evolving their tactics.

Why ransomware has become the biggest cyber threat to your network in 2020

Watch Now

There's been a huge increase in the number of ransomware attacks over the course of 2020, with a seven-fold rise in campaigns compared with just last year alone, according to newly released data from cybersecurity researchers.

Ransomware attacks have been on the rise and getting more dangerous in recent years, with cyber criminals aiming to encrypt as much of a corporate network as possible in order to extort a bitcoin ransom in return for restoring it. A single attack can result in cyber criminals making hundreds of thousands or even millions of dollars.

It's something that cyber criminals have been capitalising on despite the changing working circumstances with more people working remotely during 2020, with Bitdefender's Mid-Year Threat Landscape Report 2020 claiming a 715% year-on-year increase in detected – and blocked – ransomware attacks.

Not only has the number of ransomware attacks increased, but ransomware has continued evolving, with some of the most popular forms of ransomware last year having disappeared while new forms of ransomware have emerged. In some cases, these are even more disruptive and damaging.

"Looking into the evolution of last year's ransomware families and how they've changed this year, most of them have actually gone down in numbers. This year's popular ransomware families are not last year's popular ransomware families," Liviu Arsene, global cybersecurity researcher at Bitdefender told ZDNet.

For example, one of the most prolific ransomware threats during 2019 was GandCrab – until its operators shut up shop during the middle of the year, claiming to have made a fortune from campaigns.

Since then, new families of ransomware have emerged, including Sodinokibi – also known as REvil – which while not a massively prolific campaign, is a highly targeted operation that has made large amounts of money from disruptive, often high-profile ransomware attacks.

In many cases, hackers are following through with threats to leak data they've stolen in the run-up to deploying the ransomware attack if the victim doesn't pay – something that might strike fear into future victims and encourage them to give into the extortion demands more quickly.

"If they do that just once, they set an example for everyone else who becomes infected, because those who don't pay end up with data leaked and a GDPR fine. Everybody else who gets infected afterwards is going to see the attackers are serious," Arsene explained.

While ransomware from specialist cyber-criminal gangs such as Sodinokibi and DoppelPaymer grab the headlines, ransomware-as-a-service has continued to be an issue for organisations around the world, with ransomware families like Zepto and Cryptolocker causing problems.

While these forms of ransomware might not be as advanced as the most high-profile versions, their availability 'as-a-service' allows even low-level attackers to deploy attacks in an effort to illicitly make money, often from smaller and medium-sized businesses that feel they have no other option but to pay.

Ransomware remains a major cyber threat to organisations and businesses of all kind, but there are relatively simple steps that can be taken to avoid falling victim to a ransomware attack.

Ensuring that security patches are applied as soon as possible helps prevent hackers from exploiting known vulnerabilities to gain a foothold inside the network in the first place, while organisations should also apply multi-factor authentication across the ecosystem because that can prevent hackers moving across the network by gaining additional controls.

Organisations should also regularly backup their systems, as well as testing those backups on a regular basis as past of a recovery plan, so if the worst happens and ransomware does infiltrate the network, there's a known method of restoring it without the need to pay cyber criminals.

www.vsoftsystems.co.za

From senior buy-in to layered security and onto cross-business education, here's how CIOs can create an information security strategy that helps to keep hackers out and data safe.

CIOs are under more pressure than ever before when it comes to cybersecurity concerns, especially now that many or even all of the staff in their organisation are working from home, perhaps using unfamiliar software and hardware as they try to do their jobs on lockdown. 

The array of devices and applications that they have to take responsibility for has been rapidly expanded by the coronavirus crisis, and criminals have been keen to exploit any organisations thrown off-balance by the rapidly changing circumstances, which means taking a fresh look at what IT security really means. Tech analyst HFS Research recently reported that 56% of enterprises expect to increase their security spending in response to COVID-19. 

"The threat landscape changes on a daily basis," says Simon Liste, chief information technology officer at the Pension Protection Fund (PPF). "We've had to shift our approach so that we recognise that information security is not about 'if' you get hit but 'when' you get hit. Understanding that shift in terms of technology, culture and leadership has been hard – and not just for the PPF, but for a lot of organisations."

Liste says he's fortunate to have a strong technical background and, from his previous roles as a technical engineer and analyst, believes he's developed a good understanding of cybersecurity concerns. Here's four areas he believes IT leaders should focus on to create an effective security strategy.

1. Get buy-in from the senior leadership team

Liste says it's crucial the board understands the importance of cybersecurity. "At board level it's on the agenda at all times, especially in the position we find ourselves in right now with COVID-19," he says.

Set up by the Pensions Act 2004, the PPF protects millions of UK people who belong to defined benefit pension schemes. If their employers go bust, and their pension schemes cannot afford to pay what they've promised, the PPF pays compensation for their lost pensions.

"We have a responsibility to our internal colleagues and our external members to make sure that the data we've got is secure," he says. "Because of the role we fulfil as an organisation, we need to protect the intellectual property that we have."

Since joining the PPF in February 2018, Liste has worked with the board to help develop their awareness of cybersecurity threats. The effort has paid off.  

"They really get the critical role of information security to our organisation," he says. "And they're continually evolving their understanding, so they know that security isn't just about dealing with external threats."

2. Focus on continually honing your processes

When he became CIO at the PPF, Liste brought the management of cybersecurity back in-house after it had previously been outsourced to an external provider. He was keen to take back control of IT management decisions and he's developed an information security and privacy department.

"We don't just do a standard annual check of our systems; instead, we're constantly evaluating our estates," he says. "Cybersecurity is about trying to keep on the front foot all the time, but it's also about understanding you can't find a silver bullet that sorts everything. That just doesn't happen, so you need an ethos of constantly checking and challenging."

As part of his internal management of cyber-defence systems, Liste has established an information security committee, which helps to coordinate IT security initiatives at the executive level and ensures the value of – and risk to – data is established and recognised.

The organisation adheres to industry best practices, including ISO 27001, which is the international information security standard. The PPF is also looking at the Cyber Essentials Plus information assurance scheme operated by the National Cyber Security Centre.

"What's important is the mechanism around applying the right processes," says Liste. "You need to think about a range of key questions: how can you identify, how can you monitor, how can you manage, how can you recover, and how can you be proactive?"

3. Layer your security partners – and test them, too

Liste says insourcing IT has allowed his team to disaggregate the support model and spread provision across a series of suppliers, which helps to reduce the level of potential risk.

"Don't put all your eggs into one basket," he says. "There's often a debate around cost-appropriate security solutions, but I don't think you can sacrifice costs when it comes to security. It's not a financial decision – it's more around identifying what's absolutely fundamentally critical in terms of the data you need to protect."

Liste says the PPF uses cloud-based, perimeter gateway services and also more traditional enterprise firewalls. He advises other CIOs to try and spread risk at the hardware level and use different providers for different areas of IT infrastructure, such as servers and desktop PCs. He says the PPF's main security partner is a "top-five global specialist".

"A good security partner has intelligence – they can interrogate what's happening on your network, and what traffic's going in and out, but they also know what's going on outside your corporate environment in a place like the dark web," he says.

Liste is impressed with the level of expertise he receives, but he advises other CIOs to take nothing for granted. He refers to his main partner as his "blue team", but he also employs a "red team" of ethical hackers to regularly test the approach his main security partner is taking.

"That's to see if they can break the services and the recommendations that have been made," he says. "We're just trying to layer the way we're protecting people and data, and the interaction between people and data as well."

4. Engage with the rest of the business

Liste has gone to great lengths to strengthen security awareness at the board level and to build security capability within the IT department. Yet he says it's crucial to recognise good security is a whole-organisation effort. When it comes to creating education programmes, he says CIOs should be prepared to lean on the expertise of other functional heads.

"A good collaboration with your learning and development team, your communications team and your training team is absolutely critical," he says. "You need to work with these experts to make sure you're constantly updating and engaging with people and educating them around the evolution of the cybersecurity risk."

Liste says structured internal education and awareness programmes are the best way to teach staff across the organisation about potential risks. But he also says that training development shouldn't stop at the enterprise firewall, particularly as most staff are currently working at home due to social distancing.

"We don't limit our approach to corporate education," says Liste. "We also talk about awareness at home, which is obviously crucial right now, and we talk about the risk of phishing and being aware of the text messages that tempt you to click on links. We say that the secure practices our people apply at work should be carrying on 24/7."

www.vsoftsystems.co.za